What's wrong with OpenMailBox?

23 replies [Last post]
UsernameV
Offline
Joined: 05/23/2017

Hi, im trying to register in OpenMailBox since some days ago, i everytime appears a message saying: Registrations are temporally dislabled (or something like that).
Is it only me? will they fix this problem soon?

jxself
Offline
Joined: 09/13/2010

It is probably best to ask the openmailbox people. This is the forums for Trisquel, and we don't run the openmailbox site.

Libremind
Offline
Joined: 06/20/2017

Hi, Registration is disabled for everyone, you better conctact the openmailbox team.

ADFENO
Offline
Joined: 12/31/2012

I also noticed that, thanks to some mass missinformation that carried on
to most of the OpenMailBox users and donors, it's now very hard to make
the donation mark pass the 30%. As a user, and unemployed poor, I'm
trying my best to attract more donors, but I think I'll have to make
some drastic changes on how I communicate if I don't want to be indirect
victim of those annoying non-founded boycotts --- non-founded because
the service provider is still alive and providing services.

Currently, I see these options:

a. Find another free/libre software friendly email provider that
provides gratis registration and usage, but which also accepts
donations and paid storage enhancements.

b. Get a gratis domain name that is not subject to tracking by
government, and go through the road of setting my own email service,
only for my personal use, and hope that my messages don't end up
flagged as spam. I don't know how to do this option, although I can
learn, it'll probably take some time, specially to find a trustworth
domain name provider.

c. Forget about server based email and move to distributed (no server
involved) BitMessage email. By default, this will make communication
with others that have server-dependent email impossible --- this also
applies to sites or services that expect you to have validation
through email, because most of these services don't know how to send
BitMessage messages. There are some service providers that provide an
average email address that can represent your existing BitMessage
address, but once again, if you start depending on this, then a
boycott like what happenned to OpenMailBox can easily make these
independent service providers vanish. If I end up only with this
option (and without the BitMessage-Email both-ways forward service),
I might be unable to use most forums and mailing lists, including
this one.

Poor OpenMailBox, why don't those boycotters do the exact same thing
when they were HotMail/Gmail/Yahoo/OtherFreeSoftwareUnfriendly users, I
guess we would have won the attention of those service providers
already. :)

In the end, I and OpenMailBox just need more help getting more
donors. It's not over yet, because the service is still being provided.

--
- [[https://libreplanet.org/wiki/User:Adfeno]]
- Palestrante e consultor sobre /software/ livre (não confundir com
gratis).
- "WhatsApp"? Ele não é livre, por isso não uso. Iguais a ele prefiro
GNU Ring, ou Tox. Quer outras formas de contato? Adicione o vCard
que está no endereço acima aos teus contatos.
- Pretende me enviar arquivos .doc, .ppt, .cdr, ou .mp3? OK, eu
aceito, mas não repasso. Entrego apenas em formatos favoráveis ao
/software/ livre. Favor entrar em contato em caso de dúvida.

ADFENO
Offline
Joined: 12/31/2012

Important note: I'm *not* involved with OpenMailBox.

jules_verne
Offline
Joined: 01/02/2017

I use Tutanota. It pretty much satisfy the requirements pointed out by yourself. Give it a chance if Openmailbox keeps suffering the same problems.

hack and hack
Offline
Joined: 04/02/2015

I don't understand why a server isn't an option for you.

To me:
* people I communicate with are 99% on non-free providers. So my emails are compromised anyway.
* from there, Openmailbox/mail server vs Gmail/Yahoo, not much of a difference, I suppose. Well, free software on a personal server is still better. But The server might take a bit more work, for no real gains. And the libre provider can still use your data, in theory.
* Encryption is the key (pun intended), but it's not easy to understand/use. Still the best option around.

Is my reasoning flawed somewhere?

BlinkingArrow

I am a member!

Offline
Joined: 12/27/2011

Encrypting the e-mails on the server is difficult. Encrypting the messages between the servers is doable as well, but the other server must be configured to allow it as well. End-to-end encryption is quite difficult but not because of technical reasons. You have to convince the person you're communicating with to create a GPG key and use it. Furthermore, this person will likely use it on a proprietary OS anyway, so it can be considered compromised anyway.

hack and hack
Offline
Joined: 04/02/2015

Interesting. So the most common mail providers might not allow encrypted emails to pass?

To make sure we're talking about the same method, I'm talking about using something like Thunderbird instead of the Webmail.

-----------------------------

A few more remarks:
* Both persons need to use a libre OS, but even then, at least the email provider can't read a thing. So that's already one GAFAM player out of the game.

* Indexation of encypted email doesn't work. But if not using the webmail, it shouldn't be a problem.

-----------------------------

in a nutshell:
* I might misunderstand it, but I don't see the point of having a libre email provider, or even a personal email server (trusting the provider, communicating with non-free mailboxes cancels the point, even more if mails are fetch to the non-free OS, etc.).

* as for GPG, although it's (to me) the best way, it demands some preparation that most aren't willing to make, and that might be tricky (if using someone else's PC for example, or your smartphone). I guess that's where Tails comes into play (most people wouldn't make the effort of using it though).
Setup on several machines, including smartphone and Tails, that's A LOT of work.
Too tempting to simply connect to the webmail only to find that the encrypted emails are unreadable.

I guess I'll have to try.

BlinkingArrow

I am a member!

Offline
Joined: 12/27/2011

I meant to write that it is *not* difficult to encrypt the messages on the server (if you have control of it). I would imagine that most e-mail providers encrypt communications between servers. No real reason not to.

I was talking about running your own server and using a client. The only point is to decentralize, but if the government is tapping the major backbone then it probably wouldn't matter. It's harder to coerce many entities instead of just one.

About GPG, that's correct. It's also not perfect because there's metadata. The subject field of e-mails cannot be encrypted and it is still possible to tell who is communication with whom.

hack and hack
Offline
Joined: 04/02/2015

Another problem of a personal mail server is that the most common webmails might reject it as spam.
For other uses than email, a personal server is still a great idea.

Ah, right, the title isn't encrypted, I forgot.

Regarding privacy, security and reliability, encryption seems to still be the best best, in this regard a popular proprietary mailbox is actually fine, since communicating with one is virtually unavoidable.

I guess you're right: the true downside is having other people using it. For this:
* I remember someone here suggesting to put links and GPG key in the email signature
* A couple of tutorials were suggested to me. Roughly, it's about installing Thunderbird, a plugin, generating keys and using it.
I wonder if building a special script/installer that does ALL of that would be a good idea. A one click install, regardless of the OS.

The other obstacle would be reading emails on other devices the easy way (yet safely enough).
Even if configuring the same mailbox with GPG on Tails could be easy, no way most people would do it.

Last but not least, the argument that "if I do all of that, I'd be listed/targeted by the government, even more than we all are now. I would be standing out".
It's a bit tough to answer that, actually.

BlinkingArrow

I am a member!

Offline
Joined: 12/27/2011

With IMAP, it is possible to have encrypted e-mail available on multiple devices as long as you copy you're private key to them. So, if you have a desktop at home and a laptop both could be configured to read your e-mail.

For something like Tails, an encrypted flash drive with your private key would be necessary. This would require some configuration on each boot.

Using Thunderbird with the Enigmail plug-in is probably the easiest way to achieve this. One could use the terminal to encrypt and then attach the result to the e-mail.

The people that make that argument don't realize how much encryption they habitually use. I doubt that encrypting e-mail increases your exposure, the alphabet soups still know who is talking to whom. If your friend does something stupid today, they'll pay you a visit tomorrow.

hack and hack
Offline
Joined: 04/02/2015

I see, so for personal machines (including a Replicant phone, though there's no guarantee the private key can't be accessed from the modem), problem solved.

So Thunderbird + Enigmail on Tails would need some config on each boot? Too bad, as if it wasn't annoying enough to reboot from a thumbdrive.

About the "targeted" argument:
Sure but that's socially acceptable encryption (not the kind of encryption that would attract attention, even though perfectly legal and reasonable).
In a way, all this is meaningless https://www.xkcd.com/538/
But to me, the point is simply to cover as much leaks as possible/reasonable, to as many unwanted third-party readers possible/reasonable. Which should be normal use.
I mean if people prevent their emails to be accessed by other people, it makes sense that the mail provider (and more commercial/governmental entities) should get the same treatment, legally.

Well, actually I still wonder why I put so much effort into all this. I guess I consider it forbidding legal but abusive behavior. Legally. Or at least making it harder to put in practice.

So, their argument that it might increase exposure has some truth, which is why I have a hard time answering that.
OTOH, which is better: having all my data on diplay but not being on the radar (in theory), or possibly standing out a bit more, but having very little of my data on display? Frankly, I don't like option n°1.

BlinkingArrow

I am a member!

Offline
Joined: 12/27/2011

If you burn the tails ISO to read-only media, then yes you'll have to configure it each time. It is also possible to simply use the command line. You could add your private key to the ISO before burning it, but I wouldn't do that.

I wonder how many people actually use untrusted computers in this manner. If you're serious enough to use Tails, wouldn't you inspect the hardware at least. It all comes down to your threat model.

hack and hack
Offline
Joined: 04/02/2015

It seems more complex than I thought. The config makes it even less likely to be used by friends/family.

And you're right again, I didn't think about the hardware. One more downside.

My perspective is always the random normal user who's privacy conscious. To me it would be the rare case of "I don't have my computer with me, but I have to check my emails".

Considering all that, the Tails method isn't vital.
Nonetheless, if more people I know are willing to use GPG for emails, I'd go along with it.

strypey
Offline
Joined: 05/14/2015

All this talk about hiding your email from the spooks misses the point. The most important reason to use a libre host for email (or any other server-based system) is the same as the reason for using a libre OS - to support and encourage increased use of free code software, and reduce dependencies on proprietary software wherever possible. Reducing the attack surface available to entities wanting to spy on or mess with you is just a bonus.

Given everything we've learned about the masses of surveillance machinery that has been built to monitor the internet, at this point any non-specialist using the internet to communicate about illegal stuff might as well print out a copy and post it to their local police station. That said, one good reason for learning about the various vulnerabilities, and how to mitigate them where possible, is to be part of building and testing the various moving parts that might one day add up to an internet where reliably private communication is possible.

GNUbahn
Offline
Joined: 02/18/2016

Posteo actually offers the option of paying totally anonymously by cash. You can send your cousin to pay or even send cash in an envelope. The also offer encryption of all data on their disks (with the downside of no back up)

I think the (little) money serves a very good purpose.

strypey
Offline
Joined: 05/14/2015

I can't see why how encrypting user data prevents them making backups of it. Or are you just saying that they don't do backups for some other reason, and it's a downside of their service.

ADFENO
Offline
Joined: 12/31/2012

Thank you very much for understanding the situation. :)

JohnScott623
Offline
Joined: 07/03/2017

I'm an OpenMailBox user, and I really hope that they get themselves together. I recommended OpenMailBox to a friend of mine a month or so ago, and that's when I found out that registration was closed. It's sad to see that not much progress has been made; this should be investigated for sure.

The amount of money from fundraising hasn't changed a bit in a long time; every time I go to their home page, the bar is in the same spot that it's always in. It makes me wonder if they're just not getting any donors or something more is going on.

tonlee
Offline
Joined: 09/08/2014

Openmailbox account stopped working in thunderbird. It wants to import a new certificate. A certificate with a shasum I am not able to verify is legitimate.

Hhttps://www.openmailbox.org/webmail/ has worked. It does not anymore.
Not Found The requested URL /webmail/ was not found on this server.

I can log in on https://app.openmailbox.org/login

Spinoza
Offline
Joined: 07/07/2013

hi Tonlee,
Seems you got to pay 4-5 euro /month if you want access to your e-mail by using Thunderbird.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

ewwww, openmailbox, I'd rather use google, at least you know what you get.

strypey
Offline
Joined: 05/14/2015

I find this attitude weird. Sure, it would be naive to think using an email host who use libre software magically makes your email more secure (it doesn't for all the reasons discussed in the threads about OMB), but if early adopters and software freedom champions don't support services like OMB (or use GNU Social instead of the birdsite) in their experimental stages, how will reliable, sustainable, privacy-respecting hosts ever come into existence? Despite my criticisms of OMB on the more recent thread, I'd much rather support the network effect of a provider that uses 100% free software (as confirmed by their FSF endorsement) than one which refuses to disclose what software they use or what license covers it, or to share all the code they write for their service.